mirror of
https://github.com/Luzifer/vault-openvpn.git
synced 2024-12-24 22:01:20 +00:00
Add dhparam generation support
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
c7d655ffed
commit
2f084643bf
2 changed files with 46 additions and 1 deletions
10
README.md
10
README.md
|
@ -56,6 +56,16 @@ You need to create a folder containing two files: `client.conf` and `server.conf
|
|||
</key>
|
||||
```
|
||||
|
||||
For the server configuration an additional block is available in case you don't want to generate your DH parameters with an external command:
|
||||
|
||||
```
|
||||
<dh>
|
||||
{{ dhparam <bitsize> [generator] }}
|
||||
</dh>
|
||||
```
|
||||
|
||||
In this function call you must specify `<bitsize>` (for example `2048`) and may specify the `[generator]`. If the generator is not specified the default generator is set to `2`. Please ensure you are not using this block in your `client.conf` as OpenVPN will not accept it there.
|
||||
|
||||
The configurations generated by this tool will not need multiple files but include the certificates inside the configuration. This makes it far more easy to pass them to your users. No unzip, no questions where to put the files, mostly the OpenVPN clients will know how to handle something called `my-vpn.conf`.
|
||||
|
||||
After you've set up your folder (you also could use one of the example configurations in the [`example` folder](https://github.com/Luzifer/vault-openvpn/tree/master/example) of this repository) you can issue your servers configuration:
|
||||
|
|
|
@ -9,10 +9,12 @@ import (
|
|||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"strconv"
|
||||
"strings"
|
||||
"text/template"
|
||||
"time"
|
||||
|
||||
dhparam "github.com/Luzifer/go-dhparams"
|
||||
"github.com/hashicorp/vault/api"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"github.com/spf13/viper"
|
||||
|
@ -215,7 +217,9 @@ func renderTemplate(tplName string, tplv *templateVars) error {
|
|||
return err
|
||||
}
|
||||
|
||||
tpl, err := template.New("tpl").Parse(string(raw))
|
||||
tpl, err := template.New("tpl").Funcs(template.FuncMap{
|
||||
"dhparam": generateDHParam,
|
||||
}).Parse(string(raw))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -233,3 +237,34 @@ func validateSerial(serial string) bool {
|
|||
// Also very basic check, also here Vault does the real validation
|
||||
return len(strings.Split(serial, ":")) > 1
|
||||
}
|
||||
|
||||
func generateDHParam(name string, v ...string) (interface{}, error) {
|
||||
bits, err := strconv.Atoi(name)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to parse bit size: %s", err)
|
||||
}
|
||||
|
||||
var generator int = 2
|
||||
|
||||
if len(v) > 0 {
|
||||
if generator, err = strconv.Atoi(v[0]); err != nil {
|
||||
return nil, fmt.Errorf("Unable to parse generator: %s", err)
|
||||
}
|
||||
|
||||
if generator != 2 && generator != 5 {
|
||||
return nil, errors.New("Only generators 2 and 5 are supported")
|
||||
}
|
||||
}
|
||||
|
||||
dh, err := dhparam.Generate(bits, dhparam.Generator(generator), nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to generate DH parameters: %s", err)
|
||||
}
|
||||
|
||||
p, err := dh.ToPEM()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to encode DH parameters: %s", err)
|
||||
}
|
||||
|
||||
return string(p), nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue